{"id":22424,"date":"2024-02-09T16:51:00","date_gmt":"2024-02-09T15:51:00","guid":{"rendered":"https:\/\/www.riskinsight-wavestone.com\/?p=22424"},"modified":"2024-02-09T16:51:02","modified_gmt":"2024-02-09T15:51:02","slug":"microsoft-defender-for-cloud-apps-how-to-secure-cloud-applications-use","status":"publish","type":"post","link":"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/02\/microsoft-defender-for-cloud-apps-how-to-secure-cloud-applications-use\/","title":{"rendered":"Microsoft Defender for Cloud Apps: how to secure cloud applications use\u00a0"},"content":{"rendered":"\n
\n

Data and collaborative spaces migration to the cloud has created new data breach possibilities and has particularly extended the attack surface of companies. Furthermore, cloud applications increasing utilization and new ways of working have considerably widened – whether voluntary or not – Shadow IT, that is to say cloud applications<\/span> that are<\/span> not validated by the organization,<\/span> managed by IT teams <\/span>or approved by security.<\/span>\u00a0<\/span><\/p>\n

One of the solutions to these new use cases is the implementation of a Cloud Access Security Broker (CASB), e.g. Microsoft Defender for Cloud Apps (MDCA). What is the real contribution of these solutions? The first part of the article introduces CASB general features, the following parts focus<\/span> on Microsoft solution, MDCA.<\/span>\u00a0<\/span><\/p>\n

\u00a0<\/span><\/p>\n

Cloud Access Security Broker (CASB), a way to reduce cloud applications related risks<\/span>\u00a0<\/span><\/h2>\n

A solution to secure cloud environment<\/span>\u00a0<\/span><\/h3>\n

A Cloud Access Security Broker (CASB) is a security checkpoint between company IS users and cloud applications. Analyzing internet flows from and to cloud services, CASB enables the organization to extend its security beyond its own infrastructure.<\/span>\u00a0<\/span><\/p>\n

CASB have several key features:<\/span>\u00a0<\/span><\/p>\n

    \n
  • Apply security policies on cloud applications uses (granular access policies, authorized activities\u2026)<\/span>\u00a0<\/span><\/li>\n
  • Detect Shadow IT, categorize and identify risk level associated to \u201cShadow\u201d in-use applications<\/span>\u00a0<\/span><\/li>\n
  • Control Bring Your Own Device (BYOD), that is to say personal devices (laptops or phones) owned by collaborators.<\/span>\u00a0<\/span><\/li>\n<\/ul>\n

    \u00a0<\/p>\n

    A solution built on 4 pillars<\/span>\u00a0<\/span><\/h3>\n

    To provide these key features, CASB is built on 4 major pillars:<\/span>\u00a0<\/span><\/p>\n

    \"\"<\/span><\/p>\n

    Figure <\/span><\/i>1<\/span><\/i>: CASB pillars<\/span><\/i>\u00a0<\/span><\/p>\n

      \n
    • Visibility: <\/span><\/b>in order to manage cloud applications that are not supervised by IT tools, CASB provide visibility on cloud activities of collaborators, enabling the identification of unauthorized usages, associated data volumes, and business needs requiring other coverage<\/span>\u00a0<\/span><\/li>\n
    • Compliance:<\/span><\/b> many cloud applications are not compliant or not enough protected. A role of CASB is to inform about application compliance and security, as a way to evaluate risks and thus to take wise decisions (addition to the app catalog, application blockage and associated communication to users\u2026)<\/span>\u00a0<\/span><\/li>\n
    • Data security: <\/span><\/b>enhanced DLP strategy (Data Loss Prevention) through CASB bring stronger control on sensitive data breaches from cloud sources, securing company-authorized use cases<\/span>\u00a0<\/span><\/li>\n
    • Threat protection: <\/span><\/b>CASB provide defence against malware from cloud storage services and thus prevent threat spreading over enterprise network from cloud environments.<\/span>\u00a0<\/span><\/li>\n<\/ul>\n

      \u00a0<\/span><\/p>\n

      Microsoft CASB solution: Microsoft Defender for Cloud Apps (MDCA)<\/span>\u00a0<\/span><\/h2>\n

      \u00a0<\/span>Microsoft Defender for Cloud Apps, a tool among an enriched security ecosystem<\/span>\u00a0<\/span><\/h3>\n

      As Microsoft is aware of cybersecurity challenges, they have massively invested in their security solutions in order to improve features and their management, resulting in the release of the unified security portal <\/span>Microsoft Defender XDR<\/span><\/b> (formerly Microsoft 365 Defender). This portal meets the common issue of security teams \u2013 which was information scattering \u2013 by gathering 4 major tools features:<\/span>\u00a0<\/span><\/p>\n

        \n
      • Microsoft Defender for Office 365: <\/span><\/b>secure messaging and collaborative spaces (e.g. incoming mails analysis, especially sender, content, attached files\u2026)<\/span>\u00a0<\/span><\/li>\n
      • Microsoft Defender for Endpoint (Microsoft EDR): <\/span><\/b>manage endpoint and prevent associated attacks, apply security policies, block possibly malicious programs<\/span>\u00a0<\/span><\/li>\n
      • Microsoft Defender for Identity: <\/span><\/b>manage identity access and lateral movement attempts to compromise privilege account<\/span>s<\/span>\u00a0<\/span><\/li>\n
      • Microsoft Defender for Cloud Apps:<\/span><\/b> enhance<\/span> visibility and control over data transiting from and to the IS and cloud applications.<\/span>\u00a0<\/span><\/li>\n<\/ul>\n

        In addition to access to content facilitation for security administrators, Microsoft strengthens the correlation between pieces of information included in each tool. This correlation brings two major advantages:<\/span>\u00a0<\/span><\/p>\n

          \n
        • The expansion of the number of detection points, that increase the likelihood to promptly detect attacks, as several tools must be encountered to succeed an attack<\/span>\u00a0<\/span><\/li>\n
        • The correlation between tools and signals, that not only eases the understanding of the kill chain, but also provides a better incident contextualization and an easier sorting of numerous alerts from these 4 different tools. <\/span>Figure 2<\/span><\/i> shows the solicitation of each Microsoft security tool according to the attack steps:<\/span>\u00a0<\/span><\/li>\n<\/ul>\n

          \"\"<\/span><\/p>\n

          Figure <\/span><\/i>2<\/span><\/i>: Several detection points of an attack in Microsoft Defender suite<\/span><\/i>\u00a0<\/span><\/p>\n

          As MDCA ecosystem is now explained, let\u2019s look deeper into the tool.<\/span>\u00a0<\/span>\u00a0<\/span><\/p>\n

          Microsoft Defender for Cloud Apps, a set of additional strategies to configure to protect cloud applications and their utilization<\/span>\u00a0<\/span><\/h3>\n

          Microsoft Defender for Cloud Apps deals with the notion of protection and detection rules, also called policies. Policies produce alerts when targeted events are logged to detect suspicious behaviour, they also can take pre-configured actions conditioned by these events. A MDCA committed menu gathers policies and alerts management. Several MDCA security policies exist, categories are detailed below:<\/span>\u00a0<\/span><\/p>\n

            \n
          • Threat Detection:<\/span><\/b>\u00a0<\/span>\n
              \n
            • Activity Policy:<\/span><\/b> collect and monitor<\/span> audit logs for embedded applications, through session control alerting when suspicious activity is triggered, detecting compromission or an internal user malicious activity<\/span>\u00a0<\/span><\/li>\n
            • OAuth app<\/span><\/b>1<\/span><\/b> policy:<\/span><\/b> manage application and user permissions on the environments to alert about OAuth applications at risk or overprivileged, in order to apply least privilege principle and improve detection on riskiest applications\u00a0<\/span>\u00a0<\/span><\/li>\n<\/ul>\n<\/li>\n
            • Information Protection:<\/span><\/b>\u00a0<\/span>\n
                \n
              • File policy:<\/span><\/b> review and label files according to specified rules (creation date, modification date, contributors\u2026) to protect data stored in the Cloud, e.g. by alerting when a file is dangerously shared on unauthorized domains, or when a sensitive data is detected on the Cloud<\/span>\u00a0<\/span><\/li>\n<\/ul>\n<\/li>\n
              • Conditional Access:<\/span><\/b>\u00a0<\/span>\n
                  \n
                • Access policy:<\/span><\/b> real-time monitoring of cloud applications accesses (users, localisations, endpoints), enhancing Entra ID Conditional Access with granular filtering capacities<\/span>\u00a0<\/span><\/li>\n
                • Session policy:<\/span><\/b> real-time management of user activities in order to immediately take action against suspicious or unauthorized activities, such as malicious files download, sensitive files download from specified risky areas<\/span>\u00a0<\/span><\/li>\n<\/ul>\n<\/li>\n
                • Shadow IT:<\/span><\/b>\u00a0<\/span>\n
                    \n
                  • Cloud Discovery anomaly detection policy:<\/span><\/b> alerts triggering when unusual behaviour is detected on managed cloud applications, based on machine learning capacities<\/span>\u00a0<\/span><\/li>\n
                  • App Discovery policy: <\/span><\/b>application flows analysis and data sorting (by user, by resource\u2026) to associate a secure and compliance score to applications, to send alerts when a new application tagged popular or dangerous is used by specific groups of users inside the organization.<\/span>\u00a0<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n

                    \u00a0<\/span><\/p>\n

                    Which mechanisms are providing these diverse policies?<\/span>\u00a0<\/span><\/h3>\n

                    MDCA is composed of <\/span>3 major building blocks<\/span><\/b> to be optimally integrated into<\/span> an<\/span> organization\u2019s information system. <\/span>Figure 3<\/span><\/i> points out the block <\/span>\u201cCloud Discovery\u201d<\/span><\/b>, being an interface between MDCA and company firewall that <\/span>analyse application flows inside the organization.<\/span><\/b> \u201cCloud Discovery\u201d also allows <\/span>script configuration to restrict some uses<\/span><\/b>. <\/span>\u201cReverse proxy\u201d<\/span><\/b> block is placing MDCA between the IS and cloud applications, in order to <\/span>continuously<\/span><\/b> analyse sign-ins and policies<\/span><\/b> (session, access\u2026). Finally, <\/span>\u201cApp connectors\u201d<\/span><\/b> block <\/span>directly links MDCA to cloud applications<\/span><\/b> to enable their analysis.<\/span>\u00a0<\/span><\/p>\n

                    \"\"<\/span><\/p>\n

                    Figure <\/span><\/i>3<\/span><\/i>: Monitoring mechanisms on cloud applications<\/span><\/i>\u00a0<\/span><\/p>\n

                    \u00a0
                    Cloud discovery:<\/span><\/b>\u00a0<\/span><\/p>\n

                    Cloud discovery operates with<\/span> the<\/span> logs collector of the company firewall, proxy or Microsoft Defender for Endpoint, which must thus be installed on every endpoint. Network logs contributes to cloud applications and associated network traffic analysis by MDCA. Then, this tool rates these applications based on current knowledge of several tens of thousands of applications, scoring being established from about 100 security and compliance criteria. Cloud discovery and cloud application<\/span>\u00a0<\/span><\/p>\n

                    Reverse Proxy:<\/span><\/b>\u00a0<\/span><\/p>\n

                    Session control relies on federated authentication. Once the Identity Provider is connected to Entra ID and the application to the environment, session is automatically captured and network traffic is routed towards a reverse proxy, when users log in using their credentials. Thus, some features can be implemented, such as blocking downloading, text copy, or asking for a multi-factor authentication before any action. Associated features are audit logs and session control mechanisms.<\/span>\u00a0<\/span><\/p>\n

                    App connectors:<\/span><\/b>\u00a0<\/span><\/p>\n

                    These are APIs connecting to most-used applications (particularly cloud storage services: AWS, Azure, GCP). Thanks to these connections, MDCA is able to regularly scan files online files, but also users reaching those documents. Provided features goes from accounts information and governance to application permissions through data analysis.<\/span>\u00a0<\/span><\/p>\n

                    \u00a0<\/span><\/p>\n

                    A wide range security & compliance use cases covered by MDCA<\/span>\u00a0<\/span><\/h3>\n

                    Many suspicious behavioural detection\u2019s use case are enabled through the different MDCA\u2019s strategy. Those detections can only raise one alert or trigger an instant remediation (e.g. blockage) according to the event\u2019s gravity. Here are a few examples of those use cases:<\/span>\u00a0<\/span><\/p>\n

                      \n
                    • Creation of an alert<\/span><\/b>:<\/span>\u00a0<\/span><\/li>\n<\/ul>\n
                        \n
                      • \n
                          \n
                        • When connecting from an anonymous IP address (via Activity policy)<\/span>\u00a0<\/span><\/li>\n
                        • When downloading a large quantity of data with an unusual user\u2019s behaviour (via Cloud Discovery anomaly detection policy)<\/span>\u00a0<\/span><\/li>\n
                        • When downloading a file with sensitive data (credit card number, passport number\u2026) (via File policy)<\/span>\u00a0<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n
                            \n
                          • \n
                              \n
                            • When an abnormal number of connections to a business application is observed (via App Discovery policy).<\/span>\u00a0<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n
                                \n
                              • Request of an MFA confirmation<\/span><\/b> when a user tries to download<\/span> a<\/span> highly confidential file while being connected via Azure AD (via Session policy)<\/span>\u00a0<\/span><\/li>\n
                              • Mandatory labelling <\/span><\/b>before allowing a user to drop a file with sensitive information which isn\u2019t labelled on the Cloud (via Session policy)<\/span>\u00a0<\/span><\/li>\n
                              • Blocking the sending of a message <\/span><\/b>from a user trying to send sensitive information to another user (e.g. bank account number) via instant messaging (via Session policy)<\/span>\u00a0<\/span><\/li>\n
                              • Blocking the download from a cloud storage application <\/span><\/b>of a confidential file if the user is connected with its personal computer (via Session policy)<\/span>\u00a0<\/span><\/li>\n<\/ul>\n

                                \"\"<\/span><\/p>\n

                                \u00a0Figure 4: Example of Session policy for controlling the use of an application<\/span><\/i>\u00a0<\/span><\/p>\n

                                \u00a0<\/span><\/p>\n

                                MCDA, a complex solution to implement<\/span>\u00a0<\/span><\/h3>\n

                                As seen previously, MCDA is a tool that offers several features that complement other of Microsoft\u2019s security tools like DLP Purview or Microsoft Defender making the prioritisation of features to activate and to use a requirement. These features and the \u201cpolicies\u201d organization lead to a complex configuration which needs to be considered. It is then mandatory to target which use case needs to be covered and to test the effectiveness of the defined policies to ensure that on one side the risk coverage is effective and on the other to prevent the generation of too many false positives, as it can be seen when implementing some DLP rules.<\/span>\u00a0<\/span><\/p>\n

                                Finally, the implementation of MDCA requires some non-trivial prerequisites such as:<\/span>\u00a0<\/span><\/p>\n

                                  \n
                                • MDCA interconnection with the different Cloud applications used<\/span>\u00a0<\/span><\/li>\n
                                • The implementation of mechanism to force passage through the CASB (blocking not compatible browser)<\/span>\u00a0<\/span><\/li>\n
                                • Learning models\u2019 formation and refining detection\u2019s rules, whether they are provided by Microsoft or customised by the organisation to reduce the number of false positives.<\/span>\u00a0<\/span><\/li>\n<\/ul>\n

                                  \u00a0<\/span><\/p>\n

                                  As a conclusion, MDCA, as another CASB is a promising tool which need an advanced level of maturity<\/span>\u00a0<\/span><\/h3>\n

                                  Microsoft Defender for Cloud Apps is naturally integrated to services and Microsoft security tools, has suspect activity detection strategies by default and allows you to get a first global view with a first assessment of the risks and of the interconnections between the organisation\u2019s IS and cloud applications (Microsoft 365 included).<\/span>\u00a0<\/span><\/p>\n

                                  However, its apparent ease of implementation should not hide the need to setup some prerequisites like the refining of rules and the management of interconnections between the IS and the cloud\u2019s environments (browsers\u2019 management, interconnection of third-party applications\u2026). It shouldn\u2019t hide the efforts needed to implement detection\u2019s strategies for the organisation (creation of rules, tests and corrections of false positives \/ negatives). Its implementation should be carried out as a part of a project and the creation of new strategies must be subject of a special attention and an iterative approach.<\/span>\u00a0<\/span><\/p>\n

                                  In summary, \u00a0MDCA should be considered as a powerful security tool, which will need time to configure, refine and integrate to other additional features like data classification or conditional access rules. It will require a significant amount of time for configuration, which will only be possible after setting up a first level of security and acquiring a certain maturity level on the cloud applications and CASB\u2019 use cases.<\/span><\/p>\n

                                  \u00a0<\/p>\n

                                  \u00a0<\/p>\n

                                  \u00a0<\/p>\n

                                  \u00a0<\/p>\n

                                  Thanks to Mathias COULAIS for his contribution to this article.<\/em>\u00a0<\/span><\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

                                  Data and collaborative spaces migration to the cloud has created new data breach possibilities and has particularly extended the attack surface of companies. Furthermore, cloud applications increasing utilization and new ways of working have considerably widened – whether voluntary or…<\/p>\n","protected":false},"author":1442,"featured_media":22422,"comment_status":"open","ping_status":"closed","sticky":true,"template":"page-templates\/tmpl-one.php","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[3266,3977],"tags":[3122,4349,4350],"coauthors":[4096,4346],"class_list":["post-22424","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cloud-next-gen-it-security-en","category-focus","tag-casb-en","tag-cloud-access-security-broker-2","tag-microsoft-defender-cloud-apps-2"],"acf":[],"yoast_head":"\nMicrosoft Defender for Cloud Apps: how to secure cloud applications use\u00a0 - RiskInsight<\/title>\n<meta name=\"description\" content=\"Data and collaborative spaces migration to the cloud has created new data breach possibilities and has particularly extended the attack surface of companies. Furthermore, cloud applications increasing utilization and new ways of working have considerably widened - whether voluntary or not - Shadow IT, that is to say cloud applications that are not validated by the organization, managed by IT teams or approved by security. One of the solutions to these new use cases is the implementation of a Cloud Access Security Broker (CASB), e.g. Microsoft Defender for Cloud Apps (MDCA). What is the real contribution of these solutions? The first part of the article introduces CASB general features, the following parts focus on Microsoft solution, MDCA.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/02\/microsoft-defender-for-cloud-apps-how-to-secure-cloud-applications-use\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Microsoft Defender for Cloud Apps: how to secure cloud applications use\u00a0 - RiskInsight\" \/>\n<meta property=\"og:description\" content=\"Data and collaborative spaces migration to the cloud has created new data breach possibilities and has particularly extended the attack surface of companies. Furthermore, cloud applications increasing utilization and new ways of working have considerably widened - whether voluntary or not - Shadow IT, that is to say cloud applications that are not validated by the organization, managed by IT teams or approved by security. One of the solutions to these new use cases is the implementation of a Cloud Access Security Broker (CASB), e.g. Microsoft Defender for Cloud Apps (MDCA). What is the real contribution of these solutions? The first part of the article introduces CASB general features, the following parts focus on Microsoft solution, MDCA.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/02\/microsoft-defender-for-cloud-apps-how-to-secure-cloud-applications-use\/\" \/>\n<meta property=\"og:site_name\" content=\"RiskInsight\" \/>\n<meta property=\"article:published_time\" content=\"2024-02-09T15:51:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-02-09T15:51:02+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/02\/couv.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"791\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"Sebastien Corradini, Alexis BARBIER\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Sebastien Corradini, Alexis BARBIER\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"11 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/02\/microsoft-defender-for-cloud-apps-how-to-secure-cloud-applications-use\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/02\/microsoft-defender-for-cloud-apps-how-to-secure-cloud-applications-use\/\"},\"author\":{\"name\":\"Sebastien Corradini\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/10c6fd13c98b6346fc487808301e733d\"},\"headline\":\"Microsoft Defender for Cloud Apps: how to secure cloud applications use\u00a0\",\"datePublished\":\"2024-02-09T15:51:00+00:00\",\"dateModified\":\"2024-02-09T15:51:02+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/02\/microsoft-defender-for-cloud-apps-how-to-secure-cloud-applications-use\/\"},\"wordCount\":1898,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/02\/microsoft-defender-for-cloud-apps-how-to-secure-cloud-applications-use\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/02\/couv.webp\",\"keywords\":[\"CASB\",\"cloud access security broker\",\"microsoft defender cloud apps\"],\"articleSection\":[\"Cloud & Next-Gen IT Security\",\"Focus\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/02\/microsoft-defender-for-cloud-apps-how-to-secure-cloud-applications-use\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/02\/microsoft-defender-for-cloud-apps-how-to-secure-cloud-applications-use\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/02\/microsoft-defender-for-cloud-apps-how-to-secure-cloud-applications-use\/\",\"name\":\"Microsoft Defender for Cloud Apps: how to secure cloud applications use\u00a0 - RiskInsight\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/02\/microsoft-defender-for-cloud-apps-how-to-secure-cloud-applications-use\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/02\/microsoft-defender-for-cloud-apps-how-to-secure-cloud-applications-use\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/02\/couv.webp\",\"datePublished\":\"2024-02-09T15:51:00+00:00\",\"dateModified\":\"2024-02-09T15:51:02+00:00\",\"description\":\"Data and collaborative spaces migration to the cloud has created new data breach possibilities and has particularly extended the attack surface of companies. Furthermore, cloud applications increasing utilization and new ways of working have considerably widened - whether voluntary or not - Shadow IT, that is to say cloud applications that are not validated by the organization, managed by IT teams or approved by security. One of the solutions to these new use cases is the implementation of a Cloud Access Security Broker (CASB), e.g. Microsoft Defender for Cloud Apps (MDCA). What is the real contribution of these solutions? The first part of the article introduces CASB general features, the following parts focus on Microsoft solution, MDCA.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/02\/microsoft-defender-for-cloud-apps-how-to-secure-cloud-applications-use\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/02\/microsoft-defender-for-cloud-apps-how-to-secure-cloud-applications-use\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/02\/microsoft-defender-for-cloud-apps-how-to-secure-cloud-applications-use\/#primaryimage\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/02\/couv.webp\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/02\/couv.webp\",\"width\":1280,\"height\":791},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/02\/microsoft-defender-for-cloud-apps-how-to-secure-cloud-applications-use\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Microsoft Defender for Cloud Apps: how to secure cloud applications use\u00a0\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"name\":\"RiskInsight\",\"description\":\"The cybersecurity & digital trust blog by Wavestone's consultants\",\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\",\"name\":\"Wavestone\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"width\":50,\"height\":50,\"caption\":\"Wavestone\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/10c6fd13c98b6346fc487808301e733d\",\"name\":\"Sebastien Corradini\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/author\/sebastien-corradiniwavestone-com\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Microsoft Defender for Cloud Apps: how to secure cloud applications use\u00a0 - RiskInsight","description":"Data and collaborative spaces migration to the cloud has created new data breach possibilities and has particularly extended the attack surface of companies. Furthermore, cloud applications increasing utilization and new ways of working have considerably widened - whether voluntary or not - Shadow IT, that is to say cloud applications that are not validated by the organization, managed by IT teams or approved by security. One of the solutions to these new use cases is the implementation of a Cloud Access Security Broker (CASB), e.g. Microsoft Defender for Cloud Apps (MDCA). What is the real contribution of these solutions? The first part of the article introduces CASB general features, the following parts focus on Microsoft solution, MDCA.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/02\/microsoft-defender-for-cloud-apps-how-to-secure-cloud-applications-use\/","og_locale":"en_US","og_type":"article","og_title":"Microsoft Defender for Cloud Apps: how to secure cloud applications use\u00a0 - RiskInsight","og_description":"Data and collaborative spaces migration to the cloud has created new data breach possibilities and has particularly extended the attack surface of companies. Furthermore, cloud applications increasing utilization and new ways of working have considerably widened - whether voluntary or not - Shadow IT, that is to say cloud applications that are not validated by the organization, managed by IT teams or approved by security. One of the solutions to these new use cases is the implementation of a Cloud Access Security Broker (CASB), e.g. Microsoft Defender for Cloud Apps (MDCA). What is the real contribution of these solutions? The first part of the article introduces CASB general features, the following parts focus on Microsoft solution, MDCA.","og_url":"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/02\/microsoft-defender-for-cloud-apps-how-to-secure-cloud-applications-use\/","og_site_name":"RiskInsight","article_published_time":"2024-02-09T15:51:00+00:00","article_modified_time":"2024-02-09T15:51:02+00:00","og_image":[{"width":1280,"height":791,"url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/02\/couv.webp","type":"image\/webp"}],"author":"Sebastien Corradini, Alexis BARBIER","twitter_misc":{"Written by":"Sebastien Corradini, Alexis BARBIER","Est. reading time":"11 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/02\/microsoft-defender-for-cloud-apps-how-to-secure-cloud-applications-use\/#article","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/02\/microsoft-defender-for-cloud-apps-how-to-secure-cloud-applications-use\/"},"author":{"name":"Sebastien Corradini","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/10c6fd13c98b6346fc487808301e733d"},"headline":"Microsoft Defender for Cloud Apps: how to secure cloud applications use\u00a0","datePublished":"2024-02-09T15:51:00+00:00","dateModified":"2024-02-09T15:51:02+00:00","mainEntityOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/02\/microsoft-defender-for-cloud-apps-how-to-secure-cloud-applications-use\/"},"wordCount":1898,"commentCount":0,"publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/02\/microsoft-defender-for-cloud-apps-how-to-secure-cloud-applications-use\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/02\/couv.webp","keywords":["CASB","cloud access security broker","microsoft defender cloud apps"],"articleSection":["Cloud & Next-Gen IT Security","Focus"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.riskinsight-wavestone.com\/en\/2024\/02\/microsoft-defender-for-cloud-apps-how-to-secure-cloud-applications-use\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/02\/microsoft-defender-for-cloud-apps-how-to-secure-cloud-applications-use\/","url":"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/02\/microsoft-defender-for-cloud-apps-how-to-secure-cloud-applications-use\/","name":"Microsoft Defender for Cloud Apps: how to secure cloud applications use\u00a0 - RiskInsight","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/02\/microsoft-defender-for-cloud-apps-how-to-secure-cloud-applications-use\/#primaryimage"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/02\/microsoft-defender-for-cloud-apps-how-to-secure-cloud-applications-use\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/02\/couv.webp","datePublished":"2024-02-09T15:51:00+00:00","dateModified":"2024-02-09T15:51:02+00:00","description":"Data and collaborative spaces migration to the cloud has created new data breach possibilities and has particularly extended the attack surface of companies. Furthermore, cloud applications increasing utilization and new ways of working have considerably widened - whether voluntary or not - Shadow IT, that is to say cloud applications that are not validated by the organization, managed by IT teams or approved by security. One of the solutions to these new use cases is the implementation of a Cloud Access Security Broker (CASB), e.g. Microsoft Defender for Cloud Apps (MDCA). What is the real contribution of these solutions? The first part of the article introduces CASB general features, the following parts focus on Microsoft solution, MDCA.","breadcrumb":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/02\/microsoft-defender-for-cloud-apps-how-to-secure-cloud-applications-use\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.riskinsight-wavestone.com\/en\/2024\/02\/microsoft-defender-for-cloud-apps-how-to-secure-cloud-applications-use\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/02\/microsoft-defender-for-cloud-apps-how-to-secure-cloud-applications-use\/#primaryimage","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/02\/couv.webp","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/02\/couv.webp","width":1280,"height":791},{"@type":"BreadcrumbList","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/02\/microsoft-defender-for-cloud-apps-how-to-secure-cloud-applications-use\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.riskinsight-wavestone.com\/en\/"},{"@type":"ListItem","position":2,"name":"Microsoft Defender for Cloud Apps: how to secure cloud applications use\u00a0"}]},{"@type":"WebSite","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","name":"RiskInsight","description":"The cybersecurity & digital trust blog by Wavestone's consultants","publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization","name":"Wavestone","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","width":50,"height":50,"caption":"Wavestone"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/10c6fd13c98b6346fc487808301e733d","name":"Sebastien Corradini","url":"https:\/\/www.riskinsight-wavestone.com\/en\/author\/sebastien-corradiniwavestone-com\/"}]}},"_links":{"self":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/22424","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/users\/1442"}],"replies":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/comments?post=22424"}],"version-history":[{"count":2,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/22424\/revisions"}],"predecessor-version":[{"id":22451,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/22424\/revisions\/22451"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media\/22422"}],"wp:attachment":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media?parent=22424"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/categories?post=22424"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/tags?post=22424"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/coauthors?post=22424"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}